Federal and state governments are passing laws that define what constitutes personal information of individuals and mandating that there be procedures for protecting that personal information. An example of such a law is the California Security Breach Information Act (SB-1386) (enacted). This bill is a California state law requiring organizations that maintain personal information about individuals to inform those individuals if the security of their information is compromised. The Act stipulates that if there's a security breach of a database containing personal data, the responsible organization must notify each individual for whom it maintained information. The Act, which went into effect Jul. 1, 2003, was created to help stem the increasing incidence of identity theft. According to the Federal Trade Commission, the organization received 214,905 complaints of identity theft in 2003, up 40% from 2002. Accordingly, there is a need for a simple but useful technique that can be incorporated in commercial databases to protect personal data from theft without seriously affecting the availability of the personal data to those that have a need to use it.